Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/05/2024, 12:35

General

  • Target

    bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    bcfe017487a3154741fbc7a0ec51ed90

  • SHA1

    aaf0251dd2834c2f35e87471b48d2a5722afd215

  • SHA256

    ba2bcdb7f7a07905a9be4c223eba6477ef2de779d47859a95299c844c66625f2

  • SHA512

    ffee900f4c741221ae6cef5a8672fc20bf63e2599db2eaf82db25dfdc58b6f9a135c668da2e952b1e9df926b48f6328c97f897c55b5f343d90c8fd07d161cd7c

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBw9w4Sx:+R0pI/IQlUoMPdmpSpi4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:876
    • C:\UserDotT1\xbodloc.exe
      C:\UserDotT1\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4352

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxT7\optialoc.exe

    Filesize

    2.7MB

    MD5

    19d08c30e2ceb5308722bd60bf121523

    SHA1

    0143b6465eece8b58287fbff7c71ece1919c6465

    SHA256

    ef47b332ab42da0fea4c627752a8c2f92cca0d2808fec9835fa1d24a48fc23b9

    SHA512

    6beb32902668c1be7469f6a77b0d6bd1ba778293e582c5f8d8b51ddd23607a19431aede6e886d58758e6a11ff1ea431f67bfd37463cdef96a06acf647a1d2c0d

  • C:\UserDotT1\xbodloc.exe

    Filesize

    2.7MB

    MD5

    5718b04058c25256519689326fe4ff40

    SHA1

    4439a14a241cfb4914ccc9e90f8d8cc87fe0e5a8

    SHA256

    2bc71e7f2c13d0374cff21c069e7df26241c6fd6efce40adeb4f2b81ae5215b6

    SHA512

    4f14a23d584e31a3653735a04135b85f58de02ac643e607044c7be607d21334871da6dae519934cc344488b4a83315b274c73ac34d95dc678b7cbb23022c1518

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    207B

    MD5

    449047f4b6120566869e47cd9e955972

    SHA1

    c683022816bc82cde1db4520cbf58a98fde0380c

    SHA256

    6cae1b8a9dda71ed50145b03572c4421cada50fd8e4eaf7598d8bb9f3f47ab69

    SHA512

    83ab1a09b6f7f938293caef59f8ce2b9014da52868a85cc7518b2d8b1d53698ff1a37ef978af22518d55c5f148c02dbfabd7e8b1c6282be1e32bfe208ab1dfb0